Protection of Personal Information

The Protection of Personal Information Act No.4 of 2013 (“POPI”) is nearing its long-awaited implementation. POPI has introduced a comprehensive set of principles, which will govern the collection, use, storage, transfer, sharing and destruction of personal information. The reach of the Act is wide, as it will apply to all businesses, as well as the South African government. The Act has been carefully considered and includes international best practice standards that will elevate South Africa’s data privacy protection to levels that more readily facilitate economic trade with nations sensitive about data privacy protection. Failure to comply with POPI can result in reputational damage, loss of customers, litigation and a fine of up to R10 million or 10 years in jail.

It is imperative that your business properly understands the in’s and out’s of your information obligations, as well as how to implement the correct systems and processes in order to be compliant and control your risk.

At Shepstone & Wylie Attorneys, a team of specialist attorneys within the Employment & Pension Law department deals with POPI Compliance.

Our expertise includes inter alia:

Access to personal information

Cloud computing

Data

Direct marketing

Documenting processing activities

Lawful sourcing of personal information

Minimal collection of personal information

Mitigating security breaches

Notification duty

POPI enforcement

POPI principles, rules of thumb and checklists

Practical advice on how to interpret POPI and how to apply it in your organisation